Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:617

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51403

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:617

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:617.

The file command is used to identify a particular file according to
the type of data contained in it.

iDefense has found a buffer overflow vulnerability[1] in the file
command. This vulnerability can be triggered by the use of specially
crafted files.

Since file is a very common utility used by many subsystems (like the
printing subsystem), attackers can exploit this vulnerability to
remotely or locally compromise system security.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0102 to this issue[2].

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.idefense.com/advisory/03.04.03.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102
https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:617
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0102
BugTraq ID: 7008
http://www.securityfocus.com/bid/7008
Bugtraq: 20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) (Google Search)
Bugtraq: 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) (Google Search)
http://marc.info/?l=bugtraq&m=104680706201721&w=2
CERT/CC vulnerability note: VU#611865
http://www.kb.cert.org/vuls/id/611865
Debian Security Information: DSA-260 (Google Search)
http://www.debian.org/security/2003/dsa-260
Immunix Linux Advisory: IMNX-2003-7+-012-01
http://lwn.net/Alerts/34908/
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.idefense.com/advisory/03.04.03.txt
NETBSD Security Advisory: NetBSD-SA2003-003
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://www.redhat.com/support/errata/RHSA-2003-086.html
http://www.redhat.com/support/errata/RHSA-2003-087.html
SuSE Security Announcement: SuSE-SA:2003:017 (Google Search)
http://www.novell.com/linux/security/advisories/2003_017_file.html
XForce ISS Database: file-afctr-read-bo(11469)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51403
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:617
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:617. The file command is used to identify a particular file according to the type of data contained in it. iDefense has found a buffer overflow vulnerability[1] in the file command. This vulnerability can be triggered by the use of specially crafted files. Since file is a very common utility used by many subsystems (like the printing subsystem), attackers can exploit this vulnerability to remotely or locally compromise system security. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0102 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.idefense.com/advisory/03.04.03.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102 https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2003:617 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0102 BugTraq ID: 7008 http://www.securityfocus.com/bid/7008 Bugtraq: 20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) (Google Search) Bugtraq: 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) (Google Search) http://marc.info/?l=bugtraq&m=104680706201721&w=2 CERT/CC vulnerability note: VU#611865 http://www.kb.cert.org/vuls/id/611865 Debian Security Information: DSA-260 (Google Search) http://www.debian.org/security/2003/dsa-260 Immunix Linux Advisory: IMNX-2003-7+-012-01 http://lwn.net/Alerts/34908/ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 http://www.idefense.com/advisory/03.04.03.txt NETBSD Security Advisory: NetBSD-SA2003-003 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc http://www.redhat.com/support/errata/RHSA-2003-086.html http://www.redhat.com/support/errata/RHSA-2003-087.html SuSE Security Announcement: SuSE-SA:2003:017 (Google Search) http://www.novell.com/linux/security/advisories/2003_017_file.html XForce ISS Database: file-afctr-read-bo(11469) https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com